Kaspersky Lab Uncovers Third Windows Zero-Day Exploit in Three Months

Woburn, MA – December 12, 2018 – Kaspersky Lab technologies have detected a new exploited vulnerability in the Microsoft Windows OS kernel, the third consecutive zero-day exploit discovered in three months. The most recent vulnerability, CVE-2018-8611, was found being used in malware targeting a small number of victims in the Middle East and Asia.

This vulnerability is particularly dangerous because it exists in the kernel mode module of the operating system, and it can be used to bypass built-in exploit mitigation mechanisms in modern web browsers, including Google Chrome and Microsoft Edge. Kaspersky Lab researchers reported the vulnerability to Microsoft, and a patch has been released.

All three recent Windows exploits were detected by Kaspersky Lab’s Automatic Exploit Prevention technology, embedded in most of the company’s products. Like the last two exploited vulnerabilities (CVE-2018-8589 and CVE-2018-8453), patched by Microsoft in October and November, respectively, the latest exploit was found used in-the-wild targeting victims in the Middle East and Africa. The malware writers referred to exploit CVE-2018-8589 as “Alice,” while the latest exploit was referred to as “Jasmine.” Kaspersky Lab researchers believe that multiple threat actors, including a new advanced persistent threat (APT) called Sandcat, have exploited this newest vulnerability. 

“The detection of three kernel mode zero-days within a few months is evidence that our products use the best technologies, which are capable of detecting such sophisticated threats,” said Anton Ivanov, security expert at Kaspersky Lab. “For organizations, it is important to understand that to protect their perimeter they should use a combined solution, like endpoint protection with an advanced threat detection platform.”

Kaspersky Lab recommend the following security measures for businesses to stay protected against zero-day threats:

• Install Microsoft’s patch for the new vulnerability, CVE-2018-8611.
• Make sure you update all software used in your organization on a regular basis, and any time a new security patch is released. Security products with Vulnerability Assessment and Patch Management capabilities may help to automate this process.
• Choose a proven security solution, such as Kaspersky Endpoint Security, that is equipped with behavior-based detection capabilities for effective protection against known and unknown threats, including exploits.
• Use advanced security tools, like Kaspersky Anti Targeted Attack Platform, if your company requires highly sophisticated protection.
• Make sure your security team has access to the most recent cyber threat intelligence.  Private reports on the latest developments in the threat landscape are available to customers of Kaspersky Intelligence Reporting. For further details, contact: intelreports@kaspersky.com.
• Ensure your entire staff is trained in the basics of cybersecurity hygiene.

For further details on the latest Microsoft Windows exploit, read the full report on Securelist.

About Kaspersky Lab
Kaspersky Lab is a global cybersecurity company, which has been operating in the market for over 21 years. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into next generation security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them.

Media Contact
Meghan Rimol
meghan.rimol@kaspersky.com 
781.503.2671